Security Advisory

USN-2639-1 OpenSSL vulnerabilities

Severity

Medium

Vendor

OpenSSL

Versions Affected

Ubuntu 14.04

Description

It was discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.

The Cloud Foundry project has released cf-release version 212, which includes the patched version of OpenSSL.

Affected Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry cf-release 211 and prior have versions of OpenSSL vulnerable to USN-2639-1

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry Runtime Deployments run with cf-release 212 or later versions when they are available, all of which contain the patched version of OpenSSL that resolves USN-2639-1.

Credit

Praveen Kariyanahalli, Ivan Fratric and Felix Groebert

References

Cloud Foundry Foundation Security Team, AUTHOR
